[CDS] Retrieve certificates automatically
Today, CDS UI is using an hardcoded certificate, which is not the right
way to do.
This patch is using certInitializer in order to do it automatically.
Issue-ID: CCSDK-3141
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5f2e564abd15f685df03be130b3969cad867b0b5
diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile
index f2e7a1f..bf267b7 100644
--- a/kubernetes/cds/components/Makefile
+++ b/kubernetes/cds/components/Makefile
@@ -17,9 +17,9 @@
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES := soHelpers
+EXCLUDES :=
HELM_BIN := helm
-HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml
index ff51b44..2f608f1 100644
--- a/kubernetes/cds/components/cds-ui/requirements.yaml
+++ b/kubernetes/cds/components/cds-ui/requirements.yaml
@@ -16,6 +16,9 @@
- name: common
version: ~7.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
index 1c88f56..359c713 100644
--- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
@@ -37,6 +37,9 @@
release: {{ include "common.release" . }}
name: {{ include "common.fullname" . }}
spec:
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -71,12 +74,18 @@
value: "{{ .Values.config.api.processor.grpc.port }}"
- name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
value: {{ .Values.config.api.processor.grpc.authToken }}
+ {{- if .Values.global.aafEnabled }}
+ - name: KEYSTORE
+ value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12"
+ - name: PASSPHRASE
+ value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop"
+ {{- end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -90,7 +99,7 @@
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index 1c7f628..a7d0667 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -22,6 +22,27 @@
subChartsOnly:
enabled: true
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: cds-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: sdnc-cds
+ fqi: sdnc-cds@sdnc-cds.onap.org
+ public_fqdn: sdnc-cds.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.sdnc-cds
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
# application image
image: onap/ccsdk-cds-ui-server:1.0.3
pullPolicy: Always